Simplify for Success - Conversation with Wendy Riggs
Wendy Riggs, the Managing Member of IGC Global, was the guest on Simplify for Success, a podcast series presented by Meru Data and hosted by Priya Keshav. In the podcast, Wendy discusses her experience in developing and implementing an enterprise-wide IG program. She shares her thoughts around simplification and how to build a business case for IG, getting user adoption, and change management.
Listen to the full podcast below:
*Views and opinions expressed by guests do not necessarily reflect the view of Meru Data.*
Hello everyone, welcome to our podcast around simplifying for success. Simplification requires discipline and clarity of thought. This is not often easy in today's rapid pace work environment. We have invited a few colleagues in data and information governance space to share their strategies and approaches for simplification.
Today, we will be talking to Wendy Riggs. Wendy most recently led legal operations and information governance at Airbnb. She has extensive experience providing strategic advice to internal and external teams. She has proven ability to identify deficiencies in complex workflows and implement customized, cost-efficient processes. She has great experience and tips to share with us today.
Hi Wendy, thank you for joining us.
Hi Priya, I'm super happy to be here.
Thanks for having me.
You have had many years of experience in developing and implementing enterprise-wide IG programs in the technology industry.
How do you build a business case for IG? Any tips that you can share?
Yes, getting funding for a true IG program prior to GDPR was very difficult. We were more focused on IG in a very reactive way, and it was via eDiscovery. In my experience, much of the data mapping and creation of policies and retention schedules around IG prior to GDPR compliance was driven by litigation and regulatory matters. With GDPR, it became quite clear that IG was the foundational component for compliance with privacy laws and regulations. And, that being said, the most successful way to build a case for executive-level buy-in and funding is to focus on the legal framework that supports the entire IG program, which would be of course, records retention schedules and policies around preservation of data related to existing or anticipated litigation.
How do you balance showing immediate results while also setting expectations that these programs are likely to be multi-year programs?
I think it's a great approach to show a project plan to the executive team to understand all of the components that go into an information governance program.
It definitely needs to be broken into parts. So, not only is it a heavy lift, it is going to require compliance forever across the company.
So, how do you show immediate results so people start feeling like this is kind of moving in the right direction? So, you talked a lot about setting the expectation that it’s going to be a multi-year program. You talked a little bit about the compliance, but what are some good ways to, kind of, show immediate results, where people feel like there is investment, this is headed in the right direction. Because we live in an era where we all want results yesterday, not tomorrow.
So how do you balance that while setting expectations for the program but the executives?
I think tackling one component at a time obviously works so that you see results quickly. A good example is something like email retention. Email retention is a system that is easy to apply retention to and at the same time it gives you an opportunity to explain the importance of the program and start developing that process of change management and educating it across the organization which sets up the program for success as well.
You brought up a really good point, tackling one component at a time, right?
So simplifying for success is important, so essentially there are two ways to simplify: breaking down the parts to reduce the complexity, or identifying a new innovative way to execute the same task.
Would you choose one over the other? Any thoughts that you can share on how you sort of break down into components or how you simplify?
I would say it's a combination of both. I think that definitely in order to be successful with the information implementing and designing and implementing an information governance program is to break it into different components. But at the same time, given the landscape across the organization, the culture, you have to be able to be innovative. For some people, for some organizations, you're going to have portions of an IG program that are already in place, maybe you need to update those, or maybe you need to build off of those.
In other organizations, there's nothing in place, so you're starting from the ground up. So, it's very different, but I would definitely say it is a combination of both and really focuses on where the organization is.
Can you share some examples and how you've seen success, either through simplifying or by coming up with a completely innovative solution?
Yes, it relates to email retention, and I again, I think that's just an easy place to start with the program, and I think a lot of companies start there. And by implementing an email retention program, you have the ability, if you're starting from the ground up, to socialize why a records retention policy and records retention schedules are important and required. And you also have the opportunity to start the change management and training process that sets you up for compliance in the long term. That's one way.
The other way is, for instance, if there are policies in place, how do we leverage those policies and work practices to move from a very siloed way of working to a shared, I guess, a shared way of collaboration across team members work? So it's something we did in the past is where an email retention policy was in place and it was rolling off, we saw that team members were trying to cut and paste their data and put it somewhere else, then it was sort of circumventing the policy. But by going in and looking at how people were working and analyzing that process, we were coming up with a very innovative way to help them work together and share information and leverage that shared information across their teams.
What role does technology play while building the IG program and how have you leveraged technology to solve some of the IG problems that you have faced?
Technology is a big component of the IG program and, of course, as I mentioned before, you have set people working in silos. There are a lot of different teams across an organization that are attempting to work toward compliance around their data. For instance, you have the information security team wanting to make sure that the data that's going into an application or platform is protected, so they're looking at different third-party security reviews and what-not. Well, let's say, the information governance team or the eDiscovery team is focused on how do I preserve data or collect data in a defensible manner from these various systems?
So, leveraging technology for the data mapping side as well and taking all of these different components and pulling them together in one tool is very helpful and it lets you approach this in a much more holistic way. And again, you're getting away from that siloed environment. And also, you know making sure that you're not duplicating efforts across the organization.
So, as you’ve implemented these IG programs in various organizations, what are some of the biggest challenges that you have faced and what are some of the tips that you can share on how to overcome these challenges?
I think a couple of the biggest challenges. One is the executive level buy-in, it needs to come from the top-down to get an organization to participate, actively participate and understand how important it is.
The other issue really comes into play on the privacy side. While the privacy regulations have helped us in the IG space, it also has flagged, I think, for certain teams or certain individuals and organizations that it's really only focused on privacy data, and that's not the case. Information governance is a much larger program, it touches all data, not just PII, and it touches every single person in an organization, and I think that's where change management and socialization come into play and it's a very significant component to a successful information governance program.
Thank you for taking the time to share your experiences and some tips on how to implement a good IG program and ensure that it's successful with us today.
So, appreciate you doing that, Wendy.
Thank you, Priya.
I really appreciate the opportunity.